Setting up guest network on separate router

BIC2

Distinguished
Aug 9, 2015
My Google Fiber Gateway (modem/router) does not have a guest network so I bought a TP-Link TL-WR940N v3 router to use as a guest network. The Google Gateway goes to a switch then to the TP-Link. The TP-Link set up OK using all the default settings so the SSID & WPA key are different than the main network.

1. Using Angry IP Scanner while on the guest network, I could see all the devices on my main network. Should I only see the devices on the guest network?

2. If this is not set up correctly, what should I do to create a guest network?

3. Both are on auto-channel and according to WiFi Analyzer phone app, they're on different channels. Is auto OK or should I set manually to different channels?

4. I presume I should change configuration user/password, currently admin/admin, but don't see anywhere to change these.

Thanks in advance for any help.
 
Solution
Can't be fixed with consumer routers. All the guest feature does is force any traffic from the guest network only to go to the WAN port. In your case the WAN port is not the internet, it is your primary network. The guest feature only works well when it is run on a device that has direct internet.

The only way to get an actual guest network when there are multiple hardware devices involved is to use VLANs, which consumer routers do not support.

Now maybe you could put a firewall rule in your router that has the guest network, preventing them from going to any address in the main network. Not sure if it will work or if the guest network bypasses the firewall rules also.
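
The firewall rule suggested in the post above, written out as an added example (not part of the original thread or any poster's configuration). It assumes a guest router whose firmware exposes iptables, which the thread does not establish for the TL-WR940N; the subnets, gateway address and interface name are assumed values.

```shell
#!/bin/sh
# Added example. Every address and interface name below is an assumption
# for illustration; replace them with the values from your own network.
MAIN_LAN="192.168.0.0/24"    # primary network = WAN side of the guest router
UPSTREAM_GW="192.168.0.1"    # primary router, the guest router's next hop
GUEST_IF="br-lan"            # guest router's LAN/Wi-Fi bridge (hypothetical name)
GUEST_DNS_UPSTREAM="no"      # "yes" if guest clients use UPSTREAM_GW for DNS

# Print the iptables arguments, one rule per line, in the order they apply.
guest_isolation_rules() {
    echo "-N GUEST_ISOLATE"
    if [ "$GUEST_DNS_UPSTREAM" = "yes" ]; then
        # The exception must come before the block rule below:
        # allow DNS to the upstream router and nothing else on it.
        echo "-A GUEST_ISOLATE -d $UPSTREAM_GW -p udp --dport 53 -j RETURN"
        echo "-A GUEST_ISOLATE -d $UPSTREAM_GW -p tcp --dport 53 -j RETURN"
    fi
    # Refuse forwarded guest traffic addressed to the primary network.
    # Internet traffic is unaffected: its destination is a public address,
    # and UPSTREAM_GW is only the next hop, never the destination IP.
    echo "-A GUEST_ISOLATE -d $MAIN_LAN -j REJECT --reject-with icmp-net-prohibited"
    echo "-A GUEST_ISOLATE -j RETURN"
    # Hook the chain at the top of FORWARD for packets arriving from guests.
    echo "-I FORWARD 1 -i $GUEST_IF -j GUEST_ISOLATE"
}

# Feed each printed rule to iptables (needs root on the guest router).
apply_rules() {
    guest_isolation_rules | while read -r rule; do
        # Word splitting of $rule is intended: one argument per word.
        iptables $rule || exit 1
    done
}

case "${1:-}" in
    apply) apply_rules ;;            # install the rules
    *)     guest_isolation_rules ;;  # default: dry run, print only
esac
```

After applying, repeating the scan from question 1 on the guest network shows whether primary-network hosts still answer.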
 
Solution
1. Nope, you should see all devices on both networks from your TP-Link. Basically, all devices connected to the TP-Link see the TP-Link as the local network, and anything outside the TP-Link (including your main network) is "the Internet" and accessible.

2. Your private network needs to be the one behind the TP-Link router. The guest network can be on the Google router (and visible from the TP-Link router). I'd actually recommend getting a router with guest network functionality built-in, since most of those also give you the option to isolate the guests from each other (they can't see each other), plus allow you to temporarily let them see your private network (e.g. if a guest needs to print something to your LAN printer, or you want to transfer a file between the guest computer and your private computer). But you need to do your research to make sure the router supports these functions.

3. Personal choice. But I haven't been happy with auto-channels unless you're in a very crowded wifi environment. The problem is that the "best" channel is selected by the router based on what other wifi networks the router sees. This may be totally different from the wifi networks your device sees. In other words, the router may choose a channel which makes it easy for it to pick up signals from the device, but makes it difficult for the device to pick up signals from the router.

4. Have you tried the manual? :)
 

techmoose

Commendable
Nov 11, 2016
Since you already have a separate router, what you might be able to do is set up the TP-Link so that the LAN IP address is different from the Google Gateway router (for example instead of the default 192.168.0.1 you could change the TP-Link's LAN IP to 192.168.1.1). From my understanding it will separate the networks so neither network can view anything on the other network. So you could then set the SSID and password to your liking, while having a wireless guest network that can't see anything on the main network.
(Side note: I still consider myself a noob at networking but that's how I set up a main home network that beamed a wireless bridge over to a guest apartment so that they basically had a separate network but couldn't snoop on the main network. Slightly different scenarios but it could work in your case too I believe.)
 

This is the design that was discussed in the second post. If the guest network is behind the secondary router then its WAN port is on the main network and the users can see all those IP addresses because to them it is the internet.

Now if you mean you hook the LAN ports together then you have a massive issue. If you leave DHCP on then you get random IP assignment. The guest users and main users will be randomly assigned to the 2 networks. You could manually assign IPs in one but that is a huge pain. It still is not security. It is like locking your door with a do not enter sign. Someone can change the IP and subnet mask at will on their end device to get access to either network.